Providing Fine-Grained Access Using Permission Conditions

Overview

Starting with the first maintenance release for SAS 9.4, you can use permission conditions to give users access to some but not all of the data within a physical table and parent library. For more information about fine-grained controls for data, see SAS Intelligence Platform: Security Administration Guide.
Use the following approach:
  1. If the physical table and its parent library are not already bound to metadata, bind them.
  2. Set metadata-layer permissions to control who can access each table.
  3. Use SAS Environment Manager to specify permission conditions.

Instructions

  1. Access the Authorizationthen selectBasic tab for the secured table object that corresponds to the metadata-bound library whose data sets you want to protect.
  2. In the Select column, click the cell for the identity whose access you want to limit.
    Note: If the identity is not already listed, click the plus icon at the right edge of the table to add the identity.
  3. From the cell’s drop-down list, select Conditional grant to add an explicit grant of the Select permission for the selected identity.
    Note: If Conditional grant is already selected, a condition already exists (and selecting Conditional grant enables you to view or update the condition).
  4. In the New Permission Condition window, enter the WHERE clause for an SQL query that filters the data as appropriate for the selected identity. Do not include the WHERE key word in your entry.
    Tip
    To make dynamic, per-person access distinctions, you can use identity-driven properties as the values against which target data values are compared. Use the following syntax when specifying one of these properties: SUB::property-name (for example, SUB::SAS.Userid). For a list of available identity-driven properties, see SAS Intelligence Platform: Security Administration Guide.
    CAUTION:
    The syntax that you enter and save in the New Permission Condition window is not checked for validity.
    Make sure that the syntax that you have entered is correct.
  5. Click OK. Notice that the cell contains the conditional grant icon conditional grant icon with an explicit control indicator explicit indicator icon.
  6. In the toolbar at the top of the tab, click the save icon.
Copyright © SAS Institute Inc. All rights reserved.